ITN_Module_10_11.pdf

Full Transcript

Module 10: Basic Router Configuration
Introduction to Networks v7.0 (ITN)

Module Objectives

Module Title: Basic Router Configuration
Module Objective: Implement initial settings on a router and end devices.

Topic Title                          Topic Objective
Configure Initial Router Settings    Configure initial settings on a Cisco IOS router.
Configure Interfaces                 Configure two active interfaces on a Cisco IOS router.
Configure the Default Gateway        Configure devices to use the default gateway.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

10.1 Configure Initial Router Settings

Basic Router Configuration Steps

Configure the device name.
    Router(config)# hostname hostname
Secure privileged EXEC mode.
    Router(config)# enable secret password
Secure user EXEC mode.
    Router(config)# line console 0
    Router(config-line)# password password
    Router(config-line)# login
Secure remote Telnet / SSH access.
    Router(config)# line vty 0 4
    Router(config-line)# password password
    Router(config-line)# login
    Router(config-line)# transport input {ssh | telnet}
Encrypt all plaintext passwords.
    Router(config)# service password-encryption
Provide legal notification and save the configuration.
    Router(config)# banner motd # message #
    Router(config)# end
    Router# copy running-config startup-config

Basic Router Configuration Example

Commands for basic router configuration on R1. Configuration is saved to NVRAM.

    R1(config)# hostname R1
    R1(config)# enable secret class
    R1(config)# line console 0
    R1(config-line)# password cisco
    R1(config-line)# login
    R1(config-line)# line vty 0 4
    R1(config-line)# password cisco
    R1(config-line)# login
    R1(config-line)# transport input ssh telnet
    R1(config-line)# exit
    R1(config)# service password-encryption
    R1(config)# banner motd #
    Enter TEXT message. End with a new line and the #
    ***********************************************
    WARNING: Unauthorized access is prohibited!
    **********************************************
    #
    R1(config)# exit
    R1# copy running-config startup-config

Packet Tracer – Configure Initial Router Settings

In this Packet Tracer, you will do the following:
- Verify the default router configuration.
- Configure and verify the initial router configuration.
- Save the running configuration file.

10.2 Configure Interfaces

Configure Router Interfaces

Configuring a router interface includes issuing the following commands:

    Router(config)# interface type-and-number
    Router(config-if)# description description-text
    Router(config-if)# ip address ipv4-address subnet-mask
    Router(config-if)# ipv6 address ipv6-address/prefix-length
    Router(config-if)# no shutdown

It is a good practice to use the description command to add information about the network connected to the interface.
The no shutdown command activates the interface.
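
Added example (not part of the Cisco material): a Python audit of a saved configuration against the initial settings from 10.1 and the interface description practice above. The check names and the sample configuration are constructed; the sample keeps transport input ssh telnet from the R1 example, which the audit flags because Telnet carries the line password in cleartext, and it omits one description to show that finding.

```python
# Constructed sample, modelled on the R1 example; values are placeholders,
# not output from a real device.
R1_CONFIG = """\
hostname R1
enable secret 5 CONSTRUCTED-HASH-PLACEHOLDER
service password-encryption
interface GigabitEthernet0/0/0
 description Link to LAN
 ip address 192.168.10.1 255.255.255.0
 ipv6 address 2001:db8:acad:10::1/64
interface GigabitEthernet0/0/1
 ip address 209.165.200.225 255.255.255.252
banner motd # WARNING: Unauthorized access is prohibited! #
line con 0
 password 7 CONSTRUCTED-PLACEHOLDER
 login
line vty 0 4
 password 7 CONSTRUCTED-PLACEHOLDER
 login
 transport input ssh telnet
"""

# The same configuration with both findings corrected.
HARDENED_CONFIG = (
    R1_CONFIG
    .replace("transport input ssh telnet", "transport input ssh")
    .replace(" ip address 209.165.200.225",
             " description Link to R2\n ip address 209.165.200.225")
)


def parse_sections(config):
    """Map each top-level command to the indented sub-commands beneath it."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(line)
        else:
            current = line
            sections[current] = []
    return sections


def audit(config):
    """Return sorted (check, where) findings; an empty list means all checks pass."""
    sections = parse_sections(config)
    top = list(sections)
    findings = []

    def missing(prefix):
        return not any(cmd.startswith(prefix) for cmd in top)

    hostnames = [cmd.split()[1] for cmd in top if cmd.startswith("hostname ")]
    if not hostnames or hostnames[0] == "Router":
        findings.append(("hostname-default", "global"))
    if missing("enable secret"):
        findings.append(("no-enable-secret", "global"))
    if missing("service password-encryption"):
        findings.append(("no-password-encryption", "global"))
    if missing("banner motd"):
        findings.append(("no-banner", "global"))

    for name, body in sections.items():
        if name.startswith("line "):
            # Console and vty lines need both a password and the login command.
            if not any(cmd.startswith("password ") for cmd in body):
                findings.append(("line-no-password", name))
            if not any(cmd.split()[0] == "login" for cmd in body):
                findings.append(("line-no-login", name))
            if name.startswith("line vty"):
                for cmd in body:
                    protocols = set(cmd.split()[2:])
                    if cmd.startswith("transport input") and protocols & {"telnet", "all"}:
                        findings.append(("vty-allows-telnet", name))
        elif name.startswith("interface "):
            addressed = any(cmd.startswith(("ip address", "ipv6 address")) for cmd in body)
            described = any(cmd.startswith("description") for cmd in body)
            if addressed and not described:
                findings.append(("interface-no-description", name))
    return sorted(findings)


if __name__ == "__main__":
    for check, where in audit(R1_CONFIG):
        print(f"{check}: {where}")
```
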

Configure Router Interfaces Example

The commands to configure interface G0/0/0 on R1 are shown here:

    R1(config)# interface gigabitEthernet 0/0/0
    R1(config-if)# description Link to LAN
    R1(config-if)# ip address 192.168.10.1 255.255.255.0
    R1(config-if)# ipv6 address 2001:db8:acad:10::1/64
    R1(config-if)# no shutdown
    R1(config-if)# exit
    R1(config)#
    *Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
    *Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
    *Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up

Configure Router Interfaces Example (Cont.)

The commands to configure interface G0/0/1 on R1 are shown here:

    R1(config)# interface gigabitEthernet 0/0/1
    R1(config-if)# description Link to R2
    R1(config-if)# ip address 209.165.200.225 255.255.255.252
    R1(config-if)# ipv6 address 2001:db8:feed:224::1/64
    R1(config-if)# no shutdown
    R1(config-if)# exit
    R1(config)#
    *Aug 1 01:46:29.170: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
    *Aug 1 01:46:32.171: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
    *Aug 1 01:46:33.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up

Verify Interface Configuration

To verify interface configuration use the show ip interface brief and show ipv6 interface brief commands shown here:

    R1# show ip interface brief
    Interface              IP-Address      OK? Method Status                Protocol
    GigabitEthernet0/0/0   192.168.10.1    YES manual up                    up
    GigabitEthernet0/0/1   209.165.200.225 YES manual up                    up
    Vlan1                  unassigned      YES unset  administratively down down
    R1# show ipv6 interface brief
    GigabitEthernet0/0/0   [up/up]
        FE80::201:C9FF:FE89:4501
        2001:DB8:ACAD:10::1
    GigabitEthernet0/0/1   [up/up]
        FE80::201:C9FF:FE89:4502
        2001:DB8:FEED:224::1
    Vlan1                  [administratively down/down]
        unassigned
    R1#

Configure Verification Commands

The table summarizes show commands used to verify interface configuration.

Commands                     Description
show ip interface brief      Displays all interfaces, their IP addresses, and their current status.
show ipv6 interface brief
show ip route                Displays the contents of the IP routing tables stored in RAM.
show ipv6 route
show interfaces              Displays statistics for all interfaces on the device. Only displays the IPv4 addressing information.
show ip interfaces           Displays the IPv4 statistics for all interfaces on a router.
show ipv6 interfaces         Displays the IPv6 statistics for all interfaces on a router.

Configure Verification Commands (Cont.)

View status of all interfaces with the show ip interface brief and show ipv6 interface brief commands, shown here:

    R1# show ip interface brief
    Interface              IP-Address      OK? Method Status                Protocol
    GigabitEthernet0/0/0   192.168.10.1    YES manual up                    up
    GigabitEthernet0/0/1   209.165.200.225 YES manual up                    up
    Vlan1                  unassigned      YES unset  administratively down down
    R1#
    R1# show ipv6 interface brief
    GigabitEthernet0/0/0   [up/up]
        FE80::201:C9FF:FE89:4501
        2001:DB8:ACAD:10::1
    GigabitEthernet0/0/1   [up/up]
        FE80::201:C9FF:FE89:4502
        2001:DB8:FEED:224::1
    Vlan1                  [administratively down/down]
        unassigned
    R1#

Configure Verification Commands (Cont.)

Display the contents of the IP routing tables with the show ip route and show ipv6 route commands as shown here:

    R1# show ip route
    < output omitted>
    Gateway of last resort is not set
          192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.10.0/24 is directly connected, GigabitEthernet0/0/0
    L        192.168.10.1/32 is directly connected, GigabitEthernet0/0/0
          209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
    C        209.165.200.224/30 is directly connected, GigabitEthernet0/0/1
    L        209.165.200.225/32 is directly connected, GigabitEthernet0/0/1
    R1#
    R1# show ipv6 route
    C   2001:DB8:ACAD:10::/64 [0/0]
         via GigabitEthernet0/0/0, directly connected
    L   2001:DB8:ACAD:10::1/128 [0/0]
         via GigabitEthernet0/0/0, receive
    C   2001:DB8:FEED:224::/64 [0/0]
         via GigabitEthernet0/0/1, directly connected
    L   2001:DB8:FEED:224::1/128 [0/0]
         via GigabitEthernet0/0/1, receive
    L   FF00::/8 [0/0]
         via Null0, receive
    R1#

Configure Verification Commands (Cont.)

Display statistics for all interfaces with the show interfaces command, as shown here:

    R1# show interfaces gig0/0/0
    GigabitEthernet0/0/0 is up, line protocol is up
      Hardware is ISR4321-2x1GE, address is a0e0.af0d.e140 (bia a0e0.af0d.e140)
      Description: Link to LAN
      Internet address is 192.168.10.1/24
      MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive not supported
      Full Duplex, 100Mbps, link type is auto, media type is RJ45
      output flow-control is off, input flow-control is off
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:01, output 00:00:35, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         1180 packets input, 109486 bytes, 0 no buffer
         Received 84 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
    R1#

Configure Verification Commands (Cont.)

Display IPv4 statistics for router interfaces with the show ip interface command, as shown here:

    R1# show ip interface g0/0/0
    GigabitEthernet0/0/0 is up, line protocol is up
      Internet address is 192.168.10.1/24
      Broadcast address is 255.255.255.255
      Address determined by setup command
      MTU is 1500 bytes
      Helper address is not set
      Directed broadcast forwarding is disabled
      Outgoing Common access list is not set
      Outgoing access list is not set
      Inbound Common access list is not set
      Inbound access list is not set
      Proxy ARP is enabled
      Local Proxy ARP is disabled
      Security level is default
      Split horizon is enabled
      ICMP redirects are always sent
      ICMP unreachables are always sent
      ICMP mask replies are never sent
      IP fast switching is enabled
      IP Flow switching is disabled
    R1#

Configure Verification Commands (Cont.)

Display IPv6 statistics for router interfaces with the show ipv6 interface command shown here:

    R1# show ipv6 interface g0/0/0
    GigabitEthernet0/0/0 is up, line protocol is up
      IPv6 is enabled, link-local address is FE80::868A:8DFF:FE44:49B0
      No Virtual link-local address(es):
      Description: Link to LAN
      Global unicast address(es):
        2001:DB8:ACAD:10::1, subnet is 2001:DB8:ACAD:10::/64
      Joined group address(es):
        FF02::1
        FF02::1:FF00:1
        FF02::1:FF44:49B0
      MTU is 1500 bytes
      ICMP error messages limited to one every 100 milliseconds
      ICMP redirects are enabled
      ICMP unreachables are sent
      ND DAD is enabled, number of DAD attempts: 1
      ND reachable time is 30000 milliseconds (using 30000)
      ND NS retransmit interval is 1000 milliseconds
    R1#

10.3 Configure the Default Gateway

Default Gateway on a Host

The default gateway is used when a host sends a packet to a device on another network.
The default gateway address is generally the router interface address attached to the local network of the host.
To reach PC3, PC1 addresses a packet with the IPv4 address of PC3, but forwards the packet to its default gateway, the G0/0/0 interface of R1.
Note: The IP address of the host and the router interface must be in the same network.

Default Gateway on a Switch

A switch must have a default gateway address configured to remotely manage the switch from another network.
To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address global configuration command.

Packet Tracer – Connect a Router to a LAN

In this Packet Tracer, you will do the following:
- Display the router information.
- Configure router interfaces.
- Verify the configuration.

Packet Tracer – Troubleshoot Default Gateway Issues

In this Packet Tracer, you will do the following:
- Verify the network documentation and use tests to isolate problems.
- Determine an appropriate solution for a given problem.
- Implement the solution.
- Test to verify the problem is resolved.
- Document the solution.

10.4 Module Practice and Quiz

Video – Network Device Differences: Part 1

This video will cover the different physical characteristics of the following:
- Cisco 4000 Series Router.
- Cisco 2900 Series Router.
- Cisco 1900 Series Router.

Video – Network Device Differences: Part 2

This video will cover the different configurations of the following:
- Cisco 4000 Series Router.
- Cisco 2900 Series Router.
- Cisco 1900 Series Router.

Packet Tracer – Basic Device Configuration

In this Packet Tracer, you will do the following:
- Complete the network documentation.
- Perform basic device configurations on a router and a switch.
- Verify connectivity and troubleshoot any issues.

Lab – Build a Switch and Router Network

In this Lab, you will complete the following objectives:
- Set up the topology and initialize devices.
- Configure devices and verify connectivity.
- Display device information.

What did I learn in this module?

The tasks that should be completed when configuring initial settings on a router:
- Configure the device name.
- Secure privileged EXEC mode.
- Secure user EXEC mode.
- Secure remote Telnet / SSH access.
- Secure all passwords in the config file.
- Provide legal notification.
- Save the configuration.

For routers to be reachable, the router interfaces must be configured.
Using the no shutdown command activates the interface. The interface must also be connected to another device, such as a switch or a router, for the physical layer to be active.
There are several commands that can be used to verify interface configuration including the show ip interface brief and show ipv6 interface brief, the show ip route and show ipv6 route, as well as show interfaces, show ip interface and show ipv6 interface.

What did I learn in this module (Cont.)?

For an end device to reach other networks, a default gateway must be configured.
The IP address of the host device and the router interface address must be in the same network.
A switch must have a default gateway address configured to remotely manage the switch from another network.
To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address global configuration command.

Module 11: IPv4 Addressing
Introduction to Networks v7.0 (ITN)

Module Objectives

Module Title: IPv4 Addressing
Module Objective: Calculate an IPv4 subnetting scheme to efficiently segment your network.

Topic Title                               Topic Objective
IPv4 Address Structure                    Describe the structure of an IPv4 address including the network portion, the host portion, and the subnet mask.
IPv4 Unicast, Broadcast, and Multicast    Compare the characteristics and uses of the unicast, broadcast and multicast IPv4 addresses.
Types of IPv4 Addresses                   Explain public, private, and reserved IPv4 addresses.
Network Segmentation                      Explain how subnetting segments a network to enable better communication.
Subnet an IPv4 Network                    Calculate IPv4 subnets for a /24 prefix.

11.1 IPv4 Address Structure

Network and Host Portions

An IPv4 address is a 32-bit hierarchical address that is made up of a network portion and a host portion.
When determining the network portion versus the host portion, you must look at the 32-bit stream.
A subnet mask is used to determine the network and host portions.

The Subnet Mask

To identify the network and host portions of an IPv4 address, the subnet mask is compared to the IPv4 address bit for bit, from left to right.
The actual process used to identify the network and host portions is called ANDing.

The Prefix Length

A prefix length is a less cumbersome method used to identify a subnet mask address.
The prefix length is the number of bits set to 1 in the subnet mask.
It is written in “slash notation” therefore, count the number of bits in the subnet mask and prepend it with a slash.

Subnet Mask        32-bit Address                         Prefix Length
255.0.0.0          11111111.00000000.00000000.00000000    /8
255.255.0.0        11111111.11111111.00000000.00000000    /16
255.255.255.0      11111111.11111111.11111111.00000000    /24
255.255.255.128    11111111.11111111.11111111.10000000    /25
255.255.255.192    11111111.11111111.11111111.11000000    /26
255.255.255.224    11111111.11111111.11111111.11100000    /27
255.255.255.240    11111111.11111111.11111111.11110000    /28
255.255.255.248    11111111.11111111.11111111.11111000    /29
255.255.255.252    11111111.11111111.11111111.11111100    /30

Determining the Network: Logical AND

A logical AND Boolean operation is used in determining the network address.
Logical AND is the comparison of two bits where only a 1 AND 1 produces a 1 and any other combination results in a 0.
    1 AND 1 = 1, 0 AND 1 = 0, 1 AND 0 = 0, 0 AND 0 = 0
    1 = True and 0 = False
To identify the network address, the host IPv4 address is logically ANDed, bit by bit, with the subnet mask to identify the network address.

Video – Network, Host and Broadcast Addresses

This video will cover the following:
- Network address
- Broadcast Address
- First usable host
- Last usable host

Network, Host, and Broadcast Addresses

Within each network are three types of IP addresses:
- Network address
- Host addresses
- Broadcast address

                         Network Portion               Host Portion   Host Bits
Subnet mask              255      255      255         0
255.255.255.0 or /24     11111111 11111111 11111111    00000000
Network address          192      168      10          0              All 0s
192.168.10.0 or /24      11000000 10100000 00001010    00000000
First address            192      168      10          1              All 0s and a 1
192.168.10.1 or /24      11000000 10100000 00001010    00000001
Last address             192      168      10          254            All 1s and a 0
192.168.10.254 or /24    11000000 10100000 00001010    11111110
Broadcast address        192      168      10          255            All 1s
192.168.10.255 or /24    11000000 10100000 00001010    11111111

11.2 IPv4 Unicast, Broadcast, and Multicast

Unicast

Unicast transmission is sending a packet to one destination IP address.
For example, the PC at 172.16.4.1 sends a unicast packet to the printer at 172.16.4.253.

Broadcast

Broadcast transmission is sending a packet to all other destination IP addresses.
For example, the PC at 172.16.4.1 sends a broadcast packet to all IPv4 hosts.

Multicast

Multicast transmission is sending a packet to a multicast address group.
For example, the PC at 172.16.4.1 sends a multicast packet to the multicast group address 224.10.10.5.

11.3 Types of IPv4 Addresses

Public and Private IPv4 Addresses

As defined in RFC 1918, public IPv4 addresses are globally routed between internet service provider (ISP) routers.
Private addresses are common blocks of addresses used by most organizations to assign IPv4 addresses to internal hosts.
Private IPv4 addresses are not unique and can be used internally within any network.
However, private addresses are not globally routable.

Network Address and Prefix    RFC 1918 Private Address Range
10.0.0.0/8                    10.0.0.0 - 10.255.255.255
172.16.0.0/12                 172.16.0.0 - 172.31.255.255
192.168.0.0/16                192.168.0.0 - 192.168.255.255

Routing to the Internet

Network Address Translation (NAT) translates private IPv4 addresses to public IPv4 addresses.
NAT is typically enabled on the edge router connecting to the internet.
It translates the internal private address to a public global IP address.

Special Use IPv4 Addresses

Loopback addresses
- 127.0.0.0 /8 (127.0.0.1 to 127.255.255.254)
- Commonly identified as only 127.0.0.1
- Used on a host to test if TCP/IP is operational.

Link-Local addresses
- 169.254.0.0 /16 (169.254.0.1 to 169.254.255.254)
- Commonly known as the Automatic Private IP Addressing (APIPA) addresses or self-assigned addresses.
- Used by Windows DHCP clients to self-configure when no DHCP servers are available.

Legacy Classful Addressing

RFC 790 (1981) allocated IPv4 addresses in classes:
- Class A (0.0.0.0/8 to 127.0.0.0/8)
- Class B (128.0.0.0 /16 – 191.255.0.0 /16)
- Class C (192.0.0.0 /24 – 223.255.255.0 /24)
- Class D (224.0.0.0 to 239.0.0.0)
- Class E (240.0.0.0 – 255.0.0.0)

Classful addressing wasted many IPv4 addresses.
Classful address allocation was replaced with classless addressing which ignores the rules of classes (A, B, C).

Assignment of IP Addresses

The Internet Assigned Numbers Authority (IANA) manages and allocates blocks of IPv4 and IPv6 addresses to five Regional Internet Registries (RIRs).
RIRs are responsible for allocating IP addresses to ISPs who provide IPv4 address blocks to smaller ISPs and organizations.

11.4 Network Segmentation

Broadcast Domains and Segmentation

Many protocols use broadcasts or multicasts (e.g., ARP uses broadcasts to locate other devices, hosts send DHCP discover broadcasts to locate a DHCP server).
Switches propagate broadcasts out all interfaces except the interface on which it was received.
The only device that stops broadcasts is a router.
Routers do not propagate broadcasts.
Each router interface connects to a broadcast domain and broadcasts are only propagated within that specific broadcast domain.

Problems with Large Broadcast Domains

A problem with a large broadcast domain is that these hosts can generate excessive broadcasts and negatively affect the network.
The solution is to reduce the size of the network to create smaller broadcast domains in a process called subnetting.
Dividing the network address 172.16.0.0 /16 into two subnets of 200 users each: 172.16.0.0 /24 and 172.16.1.0 /24.
Broadcasts are only propagated within the smaller broadcast domains.

Reasons for Segmenting Networks

Subnetting reduces overall network traffic and improves network performance.
It can be used to implement security policies between subnets.
Subnetting reduces the number of devices affected by abnormal broadcast traffic.
Subnets are used for a variety of reasons including by:
- Location
- Group or Function
- Device Type

11.5 Subnet an IPv4 Network

Subnet on an Octet Boundary

Networks are most easily subnetted at the octet boundary of /8, /16, and /24.
Notice that using longer prefix lengths decreases the number of hosts per subnet.

Prefix Length   Subnet Mask      Subnet Mask in Binary (n = network, h = host)   # of hosts
/8              255.0.0.0        nnnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh             16,777,214
                                 11111111.00000000.00000000.00000000
/16             255.255.0.0      nnnnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh             65,534
                                 11111111.11111111.00000000.00000000
/24             255.255.255.0    nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh             254
                                 11111111.11111111.11111111.00000000

Subnet on an Octet Boundary (Cont.)

In the first table 10.0.0.0/8 is subnetted using /16 and in the second table, a /24 mask.

Subnet Address            Host Range                               Broadcast
(256 Possible Subnets)    (65,534 possible hosts per subnet)
10.0.0.0/16               10.0.0.1 - 10.0.255.254                  10.0.255.255
10.1.0.0/16               10.1.0.1 - 10.1.255.254                  10.1.255.255
10.2.0.0/16               10.2.0.1 - 10.2.255.254                  10.2.255.255
10.3.0.0/16               10.3.0.1 - 10.3.255.254                  10.3.255.255
10.4.0.0/16               10.4.0.1 - 10.4.255.254                  10.4.255.255
10.5.0.0/16               10.5.0.1 - 10.5.255.254                  10.5.255.255
10.6.0.0/16               10.6.0.1 - 10.6.255.254                  10.6.255.255
10.7.0.0/16               10.7.0.1 - 10.7.255.254                  10.7.255.255
…                         …                                        …
10.255.0.0/16             10.255.0.1 - 10.255.255.254              10.255.255.255

Subnet Address               Host Range                            Broadcast
(65,536 Possible Subnets)    (254 possible hosts per subnet)
10.0.0.0/24                  10.0.0.1 - 10.0.0.254                 10.0.0.255
10.0.1.0/24                  10.0.1.1 - 10.0.1.254                 10.0.1.255
10.0.2.0/24                  10.0.2.1 - 10.0.2.254                 10.0.2.255
…                            …                                     …
10.0.255.0/24                10.0.255.1 - 10.0.255.254             10.0.255.255
10.1.0.0/24                  10.1.0.1 - 10.1.0.254                 10.1.0.255
10.1.1.0/24                  10.1.1.1 - 10.1.1.254                 10.1.1.255
10.1.2.0/24                  10.1.2.1 - 10.1.2.254                 10.1.2.255
…                            …                                     …
10.100.0.0/24                10.100.0.1 - 10.100.0.254             10.100.0.255
…                            …                                     …
10.255.255.0/24              10.255.255.1 - 10.255.255.254         10.255.255.255

Subnet within an Octet Boundary

Refer to the table to see six ways to subnet a /24 network.

Prefix Length   Subnet Mask        Subnet Mask in Binary (n = network, h = host)   # of subnets   # of hosts
/25             255.255.255.128    nnnnnnnn.nnnnnnnn.nnnnnnnn.nhhhhhhh             2              126
                                   11111111.11111111.11111111.10000000
/26             255.255.255.192    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnhhhhhh             4              62
                                   11111111.11111111.11111111.11000000
/27             255.255.255.224    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh             8              30
                                   11111111.11111111.11111111.11100000
/28             255.255.255.240    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnhhhh             16             14
                                   11111111.11111111.11111111.11110000
/29             255.255.255.248    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnhhh             32             6
                                   11111111.11111111.11111111.11111000
/30             255.255.255.252    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnnhh             64             2
                                   11111111.11111111.11111111.11111100

Video – The Subnet Mask

This video will demonstrate the process of subnetting.

Video – Subnet with the Magic Number

This video will demonstrate subnetting with the magic number.

Packet Tracer – Subnet an IPv4 Network

In this Packet Tracer, you will do the following:
- Design an IPv4 Network Subnetting Scheme
- Configure the Devices
- Test and Troubleshoot the Network

11.6 Subnet a Slash 16 and a Slash 8 Prefix

Create Subnets with a Slash 16 prefix

The table highlights all the possible scenarios for subnetting a /16 prefix.

Prefix Length   Subnet Mask        Network Address (n = network, h = host)   # of subnets   # of hosts
/17             255.255.128.0      nnnnnnnn.nnnnnnnn.nhhhhhhh.hhhhhhhh       2              32766
                                   11111111.11111111.10000000.00000000
/18             255.255.192.0      nnnnnnnn.nnnnnnnn.nnhhhhhh.hhhhhhhh       4              16382
                                   11111111.11111111.11000000.00000000
/19             255.255.224.0      nnnnnnnn.nnnnnnnn.nnnhhhhh.hhhhhhhh       8              8190
                                   11111111.11111111.11100000.00000000
/20             255.255.240.0      nnnnnnnn.nnnnnnnn.nnnnhhhh.hhhhhhhh       16             4094
                                   11111111.11111111.11110000.00000000
/21             255.255.248.0      nnnnnnnn.nnnnnnnn.nnnnnhhh.hhhhhhhh       32             2046
                                   11111111.11111111.11111000.00000000
/22             255.255.252.0      nnnnnnnn.nnnnnnnn.nnnnnnhh.hhhhhhhh       64             1022
                                   11111111.11111111.11111100.00000000
/23             255.255.254.0      nnnnnnnn.nnnnnnnn.nnnnnnnh.hhhhhhhh       128            510
                                   11111111.11111111.11111110.00000000
/24             255.255.255.0      nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh       256            254
                                   11111111.11111111.11111111.00000000
/25             255.255.255.128    nnnnnnnn.nnnnnnnn.nnnnnnnn.nhhhhhhh       512            126
                                   11111111.11111111.11111111.10000000
/26             255.255.255.192    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnhhhhhh       1024           62
                                   11111111.11111111.11111111.11000000
/27             255.255.255.224    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh       2048           30
                                   11111111.11111111.11111111.11100000
/28             255.255.255.240    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnhhhh       4096           14
                                   11111111.11111111.11111111.11110000
/29             255.255.255.248    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnhhh       8192           6
                                   11111111.11111111.11111111.11111000
/30             255.255.255.252    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnnhh       16384          2
                                   11111111.11111111.11111111.11111100

Create 100 Subnets with a Slash 16 prefix

Consider a large enterprise that requires at least 100 subnets and has chosen the private address 172.16.0.0/16 as its internal network address.
The figure displays the number of subnets that can be created when borrowing bits from the third octet and the fourth octet.
Notice there are now up to 14 host bits that can be borrowed (i.e., last two bits cannot be borrowed).
To satisfy the requirement of 100 subnets for the enterprise, 7 bits (i.e., 2^7 = 128 subnets) would need to be borrowed (for a total of 128 subnets).
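
Added example (not part of the Cisco material): the ANDing rule from 11.1 and the bit-borrowing calculation above, written in Python with the standard ipaddress module. The function names and the host 192.168.10.10 are constructed for illustration, and the planner goes beyond the 100-subnet case by accepting any base prefix and an optional largest-subnet host count.

```python
import ipaddress


def network_of(host, mask):
    """Network address = host address ANDed bit by bit with the subnet mask."""
    anded = int(ipaddress.ip_address(host)) & int(ipaddress.ip_address(mask))
    return str(ipaddress.ip_address(anded))


def plan_equal_subnets(base, subnets_needed, largest_hosts=2):
    """Borrow the fewest host bits that give at least `subnets_needed` subnets."""
    if subnets_needed < 1:
        raise ValueError("at least one subnet is required")
    net = ipaddress.ip_network(base)
    borrowed = (subnets_needed - 1).bit_length()  # smallest b with 2**b >= needed
    prefix = net.prefixlen + borrowed
    if prefix > 30:  # the last two host bits cannot be borrowed
        raise ValueError(f"{base} cannot supply {subnets_needed} subnets")
    hosts = 2 ** (32 - prefix) - 2  # minus the network and broadcast addresses
    if hosts < largest_hosts:
        raise ValueError(f"/{prefix} holds {hosts} hosts, {largest_hosts} needed")
    first = next(net.subnets(new_prefix=prefix))
    return {
        "borrowed_bits": borrowed,
        "prefix": prefix,
        "mask": str(first.netmask),
        "subnets": 2 ** borrowed,
        "hosts_per_subnet": hosts,
    }


def nth_subnet(base, prefix, index):
    """Subnet number `index` (0-based) without enumerating the whole range."""
    net = ipaddress.ip_network(base)
    if not 0 <= index < 2 ** (prefix - net.prefixlen):
        raise IndexError("subnet index out of range")
    start = int(net.network_address) + index * 2 ** (32 - prefix)
    return str(ipaddress.ip_network((start, prefix)))


def describe(subnet):
    """Network, first host, last host and broadcast address of one subnet."""
    net = ipaddress.ip_network(subnet)
    return {
        "network": str(net.network_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
    }


if __name__ == "__main__":
    print(network_of("192.168.10.10", "255.255.255.0"))
    plan = plan_equal_subnets("172.16.0.0/16", 100)
    print(plan)
    # The 100th subnet of the plan and its address boundaries.
    hundredth = nth_subnet("172.16.0.0/16", plan["prefix"], 99)
    print(hundredth, describe(hundredth))
```
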
Cisco Confidential 64 Subnet a Slash 16 and a Slash 8 Prefix Create 1000 Subnets with a Slash 8 prefix Consider a small ISP that requires 1000 subnets for its clients using network address 10.0.0.0/8 which means there are 8 bits in the network portion and 24 host bits available to borrow toward subnetting. The figure displays the number of subnets that can be created when borrowing bits from the second and third. Notice there are now up to 22 host bits that can be borrowed (i.e., last two bits cannot be borrowed). To satisfy the requirement of 1000 subnets for the enterprise, 10 bits (i.e., 210=1024 subnets) would need to be borrowed (for a total of 128 subnets) © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 65 Subnet a Slash 16 and a Slash 8 Prefix Video – Subnet Across Multiple Octets This video will demonstrate creating subnets across multiple octets. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 66 Subnet a Slash 16 and a Slash 8 Prefix Lab – Calculate IPv4 Subnets In this lab, you will complete the following objectives: Part 1: Determine IPv4 Address Subnetting Part 2: Calculate IPv4 Address Subnetting © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 67 11.7 Subnet to Meet Requirements © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 68 Subnet to Meet Requirements Subnet Private versus Public IPv4 Address Space Enterprise networks will have an: Intranet - A company’s internal network typically using private IPv4 addresses. DMZ – A companies internet facing servers. Devices in the DMZ use public IPv4 addresses. A company could use the 10.0.0.0/8 and subnet on the /16 or /24 network boundary. The DMZ devices would have to be configured with public IP addresses. © 2016 Cisco and/or its affiliates. All rights reserved. 
Subnet to Meet Requirements: Minimize Unused Host IPv4 Addresses and Maximize Subnets

There are two considerations when planning subnets:
- The number of host addresses required for each network
- The number of individual subnets needed

Prefix Length | Subnet Mask | Subnet Mask in Binary (n = network, h = host) | # of subnets | # of hosts
/25 | 255.255.255.128 | nnnnnnnn.nnnnnnnn.nnnnnnnn.nhhhhhhh 11111111.11111111.11111111.10000000 | 2 | 126
/26 | 255.255.255.192 | nnnnnnnn.nnnnnnnn.nnnnnnnn.nnhhhhhh 11111111.11111111.11111111.11000000 | 4 | 62
/27 | 255.255.255.224 | nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh 11111111.11111111.11111111.11100000 | 8 | 30
/28 | 255.255.255.240 | nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnhhhh 11111111.11111111.11111111.11110000 | 16 | 14
/29 | 255.255.255.248 | nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnhhh 11111111.11111111.11111111.11111000 | 32 | 6
/30 | 255.255.255.252 | nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnnhh 11111111.11111111.11111111.11111100 | 64 | 2

Subnet to Meet Requirements: Example: Efficient IPv4 Subnetting

In this example, corporate headquarters has been allocated a public network address of 172.16.0.0/22 (10 host bits) by its ISP, providing 1,022 host addresses.

There are five sites and therefore five internet connections, which means the organization requires 10 subnets, with the largest subnet requiring 40 addresses.

It allocated 10 subnets with a /26 (i.e., 255.255.255.192) subnet mask.

Subnet to Meet Requirements: Packet Tracer – Subnetting Scenario

In this Packet Tracer, you will do the following:
- Design an IP Addressing Scheme
- Assign IP Addresses to Network Devices and Verify Connectivity

11.8 VLSM

VLSM: Video – VLSM Basics

This video will explain VLSM basics.
VLSM: Video – VLSM Example

This video will demonstrate creating subnets specific to the needs of the network.

VLSM: IPv4 Address Conservation

Given the topology, 7 subnets are required (i.e., four LANs and three WAN links) and the largest number of hosts is in Building D with 28 hosts.

A /27 mask would provide 8 subnets of 30 host IP addresses and therefore support this topology.

VLSM: IPv4 Address Conservation (Cont.)

However, the point-to-point WAN links only require two addresses and therefore waste 28 addresses each, for a total of 84 unused addresses.

Applying a traditional subnetting scheme to this scenario is not very efficient and is wasteful. VLSM was developed to avoid wasting addresses by enabling us to subnet a subnet.

VLSM: VLSM

The left side displays the traditional subnetting scheme (i.e., the same subnet mask) while the right side illustrates how VLSM can be used to subnet a subnet and divide the last subnet into eight /30 subnets.

When using VLSM, always begin by satisfying the host requirements of the largest subnet and continue subnetting until the host requirements of the smallest subnet are satisfied.

The resulting topology with VLSM applied.

VLSM: VLSM Topology Address Assignment

Using VLSM subnets, the LAN and inter-router networks can be addressed without unnecessary waste, as shown in the logical topology diagram.

11.9 Structured Design
Structured Design: IPv4 Network Address Planning

IP network planning is crucial to developing a scalable solution for an enterprise network.

To develop an IPv4 network-wide addressing scheme, you need to know how many subnets are needed, how many hosts a particular subnet requires, what devices are part of the subnet, which parts of your network use private addresses and which use public, and many other determining factors.

Examine the needs of an organization's network usage and how the subnets will be structured.
- Perform a network requirement study by looking at the entire network to determine how each area will be segmented.
- Determine how many subnets are needed and how many hosts per subnet.
- Determine DHCP address pools and Layer 2 VLAN pools.

Structured Design: Device Address Assignment

Within a network, there are different types of devices that require addresses:
- End user clients – Most use DHCP to reduce errors and burden on network support staff. IPv6 clients can obtain address information using DHCPv6 or SLAAC.
- Servers and peripherals – These should have a predictable static IP address.
- Servers that are accessible from the internet – Servers must have a public IPv4 address, most often accessed using NAT.
- Intermediary devices – Devices are assigned addresses for network management, monitoring, and security.
- Gateway – Routers and firewall devices are the gateway for the hosts in that network.

When developing an IP addressing scheme, it is generally recommended that you have a set pattern of how addresses are allocated to each type of device.
Structured Design: Packet Tracer – VLSM Design and Implementation Practice

In this Packet Tracer, you will do the following:
- Examine the Network Requirements
- Design the VLSM Addressing Scheme
- Assign IP Addresses to Devices and Verify Connectivity

11.10 Module Practice and Quiz

Structured Design: Packet Tracer – Design and Implement a VLSM Addressing Scheme

In this Packet Tracer, you will do the following:
- Design a VLSM IP addressing scheme given requirements
- Configure addressing on network devices and hosts
- Verify IP connectivity
- Troubleshoot connectivity issues as required.

Structured Design: Lab - Design and Implement a VLSM Addressing Scheme

In this lab, you will complete the following objectives:
- Examine Network Requirements
- Design the VLSM Address Scheme
- Cable and Configure the IPv4 Network

Module Practice and Quiz: What did I learn in this module?

The IP addressing structure consists of a 32-bit hierarchical network address that identifies a network and a host portion. Network devices use a process called ANDing using the IP address and associated subnet mask to identify the network and host portions.
Destination IPv4 packets can be unicast, broadcast, and multicast.
There are globally routable IP addresses as assigned by the IANA and there are three ranges of private IP network addresses that cannot be routed globally but can be used on all internal private networks.
Reduce large broadcast domains using subnets to create smaller broadcast domains, reduce overall network traffic, and improve network performance.
Create IPv4 subnets using one or more of the host bits as network bits.
However, networks are most easily subnetted at the octet boundary of /8, /16, and /24.
Larger networks can be subnetted at the /8 or /16 boundaries.
Use VLSM to reduce the number of unused host addresses per subnet.

Module Practice and Quiz: What did I learn in this module? (Cont.)

VLSM allows a network space to be divided into unequal parts. Always begin by satisfying the host requirements of the largest subnet. Continue subnetting until the host requirements of the smallest subnet are satisfied.
When designing a network addressing scheme, consider internal, DMZ, and external requirements. Use a consistent internal IP addressing scheme with a set pattern of how addresses are allocated to each type of device.
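The VLSM procedure described in this module (satisfy the largest subnet first, then keep subnetting down to the smallest), as an added Python example that is not part of the original course material. It also reproduces the 84 unused addresses that a fixed /27 scheme leaves on the three WAN links. The base block 192.168.20.0/24, the link names and every host count other than Building D's 28 are constructed for illustration.

```python
import ipaddress

# Constructed sample: only Building D's 28 hosts and the three two-address
# WAN links come from the slides; the base block and other counts are assumed.
BASE = "192.168.20.0/24"
SAMPLE = {"Building A": 25, "Building B": 20, "Building C": 15,
          "Building D": 28, "WAN R1-R2": 2, "WAN R2-R3": 2, "WAN R3-R4": 2}

def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still has `hosts` usable addresses."""
    host_bits = 2                      # /30 is the smallest subnet considered
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits

def vlsm_allocate(base, requirements):
    """Carve `base` into subnets, largest host requirement first."""
    block = ipaddress.ip_network(base)
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        # Descending sizes keep the cursor aligned on each subnet boundary.
        if cursor + size > end:
            raise ValueError(f"{base} has no room left for {name}")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return plan

def unused_hosts(plan, requirements):
    """Usable addresses left over in each allocated subnet."""
    return {n: net.num_addresses - 2 - requirements[n] for n, net in plan.items()}

def fixed_length_unused(prefix, requirements):
    """Leftover addresses if every subnet used the same prefix length."""
    usable = (1 << (32 - prefix)) - 2
    return {n: usable - hosts for n, hosts in requirements.items()}

if __name__ == "__main__":
    plan = vlsm_allocate(BASE, SAMPLE)
    fixed = fixed_length_unused(27, SAMPLE)
    for name, net in plan.items():
        print(f"{name:11} {str(net):19} fixed /27 would waste {fixed[name]}")
```

The allocator packs subnets contiguously from the start of the block, so the /30 links follow the last LAN rather than occupying the final /27 as in the slide's figure.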
